Governance Risk and Compliance Sr. Manager

About the position We are seeking a highly skilled Global IT Governance Risk and Compliance Sr. Manager to join our IT team at our Assumption, IL facility. The ideal candidate will ensure that GPT’s IT systems and processes meet legal, regulatory, and internal policy requirements through risk assessments, audits, documentation, policy development, and employee training. They will serve as a bridge between departments—aligning data protection controls with operations, supporting regulator interaction, and leading privacy and cybersecurity compliance functions. They will manage data privacy initiatives from zero to full compliance, bringing together stakeholders, securing management buy‑in, and delivering GDPR and global privacy programs. They will proactively identify and mitigate privacy and security risks and vulnerabilities, strengthen organizational resilience, and build trust with customers, employees, and partners. Your Impact GDPR or Similar Program and Project Management Plan, coordinate, and implement GDPR projects including risk assessments, data mapping, DPIAs, and impact analysis.Lead cross-functional initiatives to ensure compliance with global privacy laws (GDPR, LGPD, CCPA, etc.). Regulatory Cyber compliance Plan, coordinate, and implement NIS2, NIST and other Cyber compliance projects. Work with vCISO and other outsourcing partners in the Cyber space to ensure compliance with different local legislation and standards. IT Governance, Policies & Controls Develop, maintain, and continuously improve IT compliance policies, procedures, guidelines, and internal controls to support effective governance. Develop and maintain comprehensive IT compliance frameworks aligned with GDPR, ISO27001, NIST, NIS2, and SOX as applicable for the size of the organization. Implement and monitor security and privacy controls - including access management, encryption, logging, and data protection measures. Monitor regulatory changes and ensure compliance with new requirements. Ensure ‘secure by design’ principles are applied across systems and projects. Support accurate maintenance of the IT asset inventory and compliance-related asset processes. Audit & Reporting Lead internal and external IT audits, regulatory reviews, and risk assessments. Produce compliance reports covering status, risk performance, KPIs, and audit findings. Build and maintain dashboards to track compliance obligations and remediation efforts. Act as point of contact with authorities and external auditors during reviews or investigations.[MB1] Training & Awareness Ensure training plans and initiatives are sufficient for staff on compliance requirements, privacy principles, and IT policies to all staff levels. Develop ongoing awareness programs to embed a culture of compliance. IT Risk management Building IT risk management for the organization, defining roles and responsibilities, ensuring IT risks are categorized and managed. Building plans to create risk management standards, policies and procedures, work with vCISO to ensure all required documents and processes are defined.Work with senior leaders to develop a risk balanced approach, define actions and implement such. Incident Response Investigate compliance breaches and monitor investigations of security incidents, ensuring root-cause analysis and corrective action. Support incident response activities from a privacy and regulatory perspective. Responsibilities • Plan, coordinate, and implement GDPR projects including risk assessments, data mapping, DPIAs, and impact analysis. • Lead cross-functional initiatives to ensure compliance with global privacy laws (GDPR, LGPD, CCPA, etc.). • Plan, coordinate, and implement NIS2, NIST and other Cyber compliance projects. • Work with vCISO and other outsourcing partners in the Cyber space to ensure compliance with different local legislation and standards. • Develop, maintain, and continuously improve IT compliance policies, procedures, guidelines, and internal controls to support effective governance. • Develop and maintain comprehensive IT compliance frameworks aligned with GDPR, ISO27001, NIST, NIS2, and SOX as applicable for the size of the organization. • Implement and monitor security and privacy controls - including access management, encryption, logging, and data protection measures. • Monitor regulatory changes and ensure compliance with new requirements. • Ensure ‘secure by design’ principles are applied across systems and projects. • Support accurate maintenance of the IT asset inventory and compliance-related asset processes. • Lead internal and external IT audits, regulatory reviews, and risk assessments. • Produce compliance reports covering status, risk performance, KPIs, and audit findings. • Build and maintain dashboards to track compliance obligations and remediation efforts. • Act as point of contact with authorities and external auditors during reviews or investigations. • Ensure training plans and initiatives are sufficient for staff on compliance requirements, privacy principles, and IT policies to all staff levels. • Develop ongoing awareness programs to embed a culture of compliance. • Building IT risk management for the organization, defining roles and responsibilities, ensuring IT risks are categorized and managed. • Building plans to create risk management standards, policies and procedures, work with vCISO to ensure all required documents and processes are defined. • Work with senior leaders to develop a risk balanced approach, define actions and implement such. • Investigate compliance breaches and monitor investigations of security incidents, ensuring root-cause analysis and corrective action. • Support incident response activities from a privacy and regulatory perspective. Requirements • Bachelor's or Master's degree in law (privacy/data protection), Information Technology, Cybersecurity, Computer Science, or Risk/Compliance • 5+ years of experience in a similar position • Strong understanding of IT security, data privacy, and global regulatory environments • Strong written and oral communication skills • Analytical mindset, critical thinking, and attention to detail • Experience with data‑mapping tools, encryption protocols, audit and logging systems, and Privacy‑by‑Design frameworks • Experience with GDPR, NIS2 and equivalent global privacy regulations Nice-to-haves • Relevant certifications such as CIPP‑E, CIPM, CISSP, CISA, or CRISC are advantageous Benefits • Benefits will include the ability to elect health care and wellness plans, dental and vision plans, flexible and virtual work options (where available), 401(k) Savings Plan with company match, paid holidays, paid time off, health savings and flexible spending accounts, reimbursement for continuing education, life insurance, and other supplemental insurance plans. Apply tot his job Apply To this Job